Will Security Appliances Be Undone by SaaS Security?

With Cloud computing at front and center stage of IT conversation, a sub group, Software as a Service (SaaS) Security, has benefited from the tailwind. Infonetics Research recorded growth of 70% in 2009 and IDC in their Worldwide Security as a Service 2009-13 Forecast predicts a market of $2B this year. Last September Larry Ellison of Oracle ridiculed cloud computing. I think unless there is a fundamental shift in attitude it is going to be very hard for traditional software vendors to fully commit to the new model.

It reminds me a bit of 5-6 years ago when security appliances started to hit the market. Appliances had already become the major form factor for firewalls and soon became the de-facto for Email and Web Gateways, displacing existing software solutions. Now I believe appliances will meet the same fate as SaaS-based security services become the prime solution. Another factor that will affect hardware appliances is the increased virtualization of applications – why should security applications be any different? Customers are already putting gateway security solutions in a virtualized environment.

A new type of form factor, SaaS hybrid, is starting to become prominent with Enterprise customers. This is the best of both worlds. Parts of the application can be hosted in the cloud while others that rely on close database integration or have strict compliance requirements can stay on premise. A unified web console can set policy and manage both. The cloud benefits include large scale deployment and ease of use while a premise solution allows more local policy control.

Smaller businesses will eventually gravitate towards a unified SaaS portal offering one-stop security across gateways, endpoint and the network. This simplicity will enable small businesses to take advantage of security technologies that were well out of their reach only 3 years ago. Recent data stealing malware incidents show small businesses are targeted by cybercriminals as frequently as large corporations. In fact, a recent Trend end user study found no significant differences between small and large companies with regard to encounters with data stealing malware.

Hardware appliances did a really good job of simplifying security application deployment, but their days for certain security applications may be numbered. What could be simpler than logging onto an Internet web console? The future of SaaS Security is very bright; the future of full featured hardware security appliances, I’m not so sure about.